Adherence to technology certifications and industry compliance is critical to maintaining a robust and stalwart security profile. Because of this, Trellix is dedicated to ensuring its security products and technologies meet or exceed critical industry certifications and compliance requirements.
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP enables agencies to rapidly adapt from old, insecure legacy IT to mission-enabling, secure, and cost-effective cloud-based IT. This certification includes the expanded boundary of Trellix XDR and Email Security (ESC GovCloud), which includes the company's proprietary modules, including antivirus, anti-spam, and impersonation detection capabilities.
As one of the highest internationally recognized standards for information security, this certification covers every aspect of people, process, and systems security. The scope of the ISO/IEC 27001:2013 certification is limited to the information security management system (ISMS). Trellix was certified ISO 27001 compliant in November 2022.
ISO 27017 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO 27002 and ISO 27001 standards. Trellix was certified ISO 27017 compliant in November 2022.
ISO 27018 is the international standard for protecting personal information in cloud storage. The term for the personal data it covers is Personally Identifiable Information (PII). Trellix was certified ISO 27018 compliant in November 2022.
Trellix undergoes an annual independent third-party SSAE 18 audit that uses the criteria set forth in the American Institute of Certified Public Accountants (AICPA) guide Reporting on Controls at a Service Organization Relevant to Security, Availability, Confidentiality (SOC 2®) and covers the suitability of the design and operating effectiveness of controls for the security, availability, and confidentiality principles set forth in the Trust Services Principles, TSP section 100A. For the offerings listed below, Trellix can provide users who have a business need with a report of its compliance (SOC 2 Type II report) that includes a description of the Trellix controls environment and the external audit result and opinion on how Trellix's controls meet the AICPA Trust Services Security, Availability, and Confidentiality Principles and Criteria.
Trellix Helix | Trellix ePO SaaS | IVX | Trellix Email Security
Trusted Information Security Assessment Exchange (TISAX) is a European automotive industry-standard information security assessment (ISA) catalog based on key aspects of information security such as data protection and connection to third parties. Trellix received this certification in January 2024.